application query by tdi filter?

Home Forums Discussions General application query by tdi filter?

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #4859
    lxy510
    Participant

      I want to filter application’network activity, when it occurs,always make a query to my application.The question is,How to hold a connect (or accept or receive )in tdi filter driver until a answer is received? If I use a NotifyEvent ,where should I place keWaitfor…() with regarding to IRQL level?
      thanks.
      (English pls)

      #5587
      Taras
      Participant

        You must not use KeWaitFor… at IRQL >= DISPATH_LEVEL if timeout is not equal zero. The problem is sometime NotifyEvent occures at DISPATCH_LEVEL and you should handle it immidiatly. So the one way is to copy net packe, hold them and return from NotifyEvent. On PASSIVE_LEVEL you can wait your application and then renew packet.

        #5588
        lxy510
        Participant

          thank you very much.
          I am a new in tdi-filter,do you mean that I should copy the packet(say it,in tdi_event_connect_handler,must return status_pending?) to somewhere the irql==passive_level,then wait for my application’s response,but how to renew the connection to required status?I mean,if deny,then refuse;if allow,re-connect.
          thank you in advance.

        Viewing 3 posts - 1 through 3 (of 3 total)
        • You must be logged in to reply to this topic.